The ability to connect information technology infrastructure reliably, cost-effectively and securely is of high importance for today's global enterprises. To communicate with customers, clients, business partners, employees, etc., the Internet has proven to be more appropriate compared to private communication networks. However, communication via the Internet, which typically uses TCP/IP (Transmission Control Protocol/Internet Protocol), also increases the requirements for data security. Network firewalls are one of the many examples of solutions for network security.
Enterprise Web Application Services build an important foundation for such client, customer, and employee communication. A very common configuration for hosting such enterprise web Application Services is shown in FIG. 1. As shown in FIG. 1, an enterprise can offer web Application Services to various clients and there are several possibilities for clients to connect to the servers depending on the location of the client relative to the servers' location. The servers which provide the Application Services are typically located in the enterprise's data center 1016 and are accessible, directly or indirectly, via World-Wide-Web (WWW) servers 1012. Sometimes enterprises provide access to the Application Services by making the application servers directly accessible by putting those application servers into a Demilitarized Zone (DMZ) 1011.
A client 1003 may connect via a Local Area Network (LAN) through the enterprise's intranet 1013. Another client 1004 may connect through a Wireless LAN (WLAN) to the intranet 1013. Yet another client 1005 may be located inside the enterprise's campus network 1015, which connects to the enterprise's intranet 1013. An enterprise may have zero or more campuses 1014 and 1015. Yet another client 1001 may connect through the Internet 1000, or a client 1002 may have a mobile connection to the Internet 1000. In any case to prevent illegitimate access to the enterprise's web Application Services, the “inside” of the enterprise's network, the intranet 1013, is protected by having a network perimeter 1010, which may comprise firewalls, associated network interconnect, and additional resources “within” the perimeter network configured so as to be broadly accessible to users on the “outside” of the enterprise.
Virtualization in computing refers to the abstraction of computing resources. It can be used to hide the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. Virtualization includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources. Virtualization can also cluster multiple physical resources (such as storage devices or servers) to make them appear as a single logical resource. In enterprise networking, virtualization can be used to achieve high availability, for example by clustering redundant physical resources, or can reduce the total cost of ownership by sharing one partitioned resource among different business units.